package filter;

import bean.EmpBean;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@WebFilter(filterName = "OAuthFilter",value = "/vip/*")
public class OAuthFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
           //1 .获得servlet的路径
         String uri =  request.getServletPath();
         //2 拆分路径
          String  op_path = uri.substring(uri.lastIndexOf("/"));
         System.out.println("需要操作的地址："+op_path);
         // 3 拿出员工对象来查询操作权限
        HttpSession session = request.getSession();
        EmpBean empBean = (EmpBean) session.getAttribute("emp");
        System.out.println("需要操作的权限："+empBean.getAuth());
         //判断权限
         if(op_path.startsWith("/update")||op_path.startsWith("/replace")){
             System.out.println("进行修改操作");
             if(empBean.getAuth()>=2){
                 chain.doFilter(req, resp);
             }else{
                resp.getWriter().print("<script>alert('你没有修改的权力，请联系管理员');window.location.href='../showAll'</script>");
             }

         }else if(op_path.startsWith("/del")||op_path.startsWith("/delete")||op_path.startsWith("remove")){
                System.out.println("进行删除操作");
                if(empBean.getAuth()>=3){
                    chain.doFilter(req, resp);
                }else{
                    resp.getWriter().print("<script>alert('你没有删除的权力，请联系管理员');window.location.href='../showAll'</script>");

                }
         }else{
             chain.doFilter(req, resp);
         }





    }

    public void init(FilterConfig config) throws ServletException {

    }

}
